Class: Yawast::Scanner::Plugins::Servers::Iis

Inherits:

Object

• Object
• Yawast::Scanner::Plugins::Servers::Iis

Defined in:

lib/scanner/plugins/servers/iis.rb

Class Method Summary

• .check_all(uri, head) ⇒ Object
• .check_asp_banner(head) ⇒ Object
• .check_asp_net_debug(uri) ⇒ Object
• .check_banner(banner) ⇒ Object
• .check_header_value(head, search, message) ⇒ Object
• .check_mvc_version(head) ⇒ Object

Class Method Details

.check_all(uri, head) ⇒ Object

# File 'lib/scanner/plugins/servers/iis.rb', line 25

def self.check_all(uri, head)
  # run all the defined checks
  check_asp_banner(head)
  check_mvc_version(head)
  check_asp_net_debug(uri)
end

.check_asp_banner(head) ⇒ Object

# File 'lib/scanner/plugins/servers/iis.rb', line 32

def self.check_asp_banner(head)
  check_header_value head, 'x-aspnet-version', 'ASP.NET'
end

.check_asp_net_debug(uri) ⇒ Object

# File 'lib/scanner/plugins/servers/iis.rb', line 57

def self.check_asp_net_debug(uri)
  begin
    req = Yawast::Shared::Http.get_http(uri)
    req.use_ssl = uri.scheme == 'https'
    headers = Yawast::Shared::Http.get_headers
    headers['Command'] = 'stop-debug'
    headers['Accept'] = '*/*'
    res = req.request(Debug.new('/', headers))

    if res.code == 200
      Yawast::Utilities.puts_vuln 'ASP.NET Debugging Enabled'

      Yawast::Shared::Output.log_hash 'vulnerabilities',
                                      'asp_net_debug_enabled',
                                      {vulnerable: true, body: res.body, code: res.code}
    else
      Yawast::Shared::Output.log_hash 'vulnerabilities',
                                      'asp_net_debug_enabled',
                                      {vulnerable: false, body: res.body, code: res.code}
    end
  end
end

.check_banner(banner) ⇒ Object

# File 'lib/scanner/plugins/servers/iis.rb', line 8

def self.check_banner(banner)
  Yawast::Shared::Output.log_hash 'vulnerabilities',
                                  'iis_version_exposed',
                                  {vulnerable: false, version: nil}

  # don't bother if this doesn't include IIS
  return unless banner.include? 'Microsoft-IIS/'
  @iis = true

  Yawast::Utilities.puts_warn "IIS Version: #{banner}"
  puts ''

  Yawast::Shared::Output.log_hash 'vulnerabilities',
                                  'iis_version_exposed',
                                  {vulnerable: true, version: banner}
end

.check_header_value(head, search, message) ⇒ Object

# File 'lib/scanner/plugins/servers/iis.rb', line 40

def self.check_header_value(head, search, message)
  head.each do |k, v|
    if k.downcase == search
      Yawast::Utilities.puts_warn "#{message} Version: #{v}"
      puts ''

      Yawast::Shared::Output.log_hash 'vulnerabilities',
                                      "asp_net_#{search.tr('-', '_')}_version_exposed",
                                      {vulnerable: true, version: v}
    else
      Yawast::Shared::Output.log_hash 'vulnerabilities',
                                      "asp_net_#{search.tr('-', '_')}_version_exposed",
                                      {vulnerable: false, version: nil}
    end
  end
end

.check_mvc_version(head) ⇒ Object

# File 'lib/scanner/plugins/servers/iis.rb', line 36

def self.check_mvc_version(head)
  check_header_value head, 'x-aspnetmvc-version', 'ASP.NET MVC'
end